Corporations are rapidly deploying web-based applications to automate business processes and to facilitate real-time interaction with customers, business partners and employees. Highly vulnerable to malicious hackers, web applications provide an entry point through which sensitive data can be accessed and stolen. Given the vulnerability of web applications, establishing protection of sensitive data is critical for any enterprise that is exposing sensitive information over the Internet.
Existing solutions for protecting against unauthorized transmission of confidential personal identification information via web applications are known. According to one known method, web developers manually review the computer code for such transmissions. One downside of this approach is that web developers need to review the computer code each time the web application changes.
According to another approach, known as the web site defacement approach, unique digital signatures are assigned to CGI scripts and Active Server Pages published on a web site. When a reply is sent from a web server in response to a request from a client device, a digital signature of the content of the reply is compared with the previously saved signature of the stored content for that web page. If the signatures match, the content is deemed authentic and is sent to the user without delay. If the signatures do not match, the content is deemed tampered with and the requested transaction is not executed. One downside of this approach is its lack of flexibility. For example, when a web page is dynamically updated, the web application is assumed to have been tampered with because the digital signature of the dynamically updated web page does not match the digital signature of the original web page. As a result, the web site defacement approach similarly does not reflect the dynamic nature of web applications.
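The following is an added illustration, not part of the original text, of the signature comparison described above and of the inflexibility it suffers with dynamic content. It assumes HMAC-SHA256 over the reply body as the signature scheme (the text does not name one), a constructed sample page, and a constructed signing key.

```python
import hmac
import hashlib

# Assumed scheme: keyed HMAC-SHA256 so that a tampered reply cannot simply carry a
# recomputed signature. The key and page below are constructed sample values.
SIGNING_KEY = b"constructed-example-key-not-for-production"


def sign_content(content: bytes) -> str:
    """Compute the signature saved for a page's published content."""
    return hmac.new(SIGNING_KEY, content, hashlib.sha256).hexdigest()


def verify_reply(reply_body: bytes, stored_signature: str) -> bool:
    """True when the outgoing reply matches the saved signature (deemed authentic)."""
    return hmac.compare_digest(sign_content(reply_body), stored_signature)


# Baseline page as published; its signature is saved when the page is deployed.
PUBLISHED_PAGE = b"<html><body><h1>Account</h1><p>Balance: see statement</p></body></html>"
STORED_SIGNATURES = {"/account.asp": sign_content(PUBLISHED_PAGE)}


def check_outbound(path: str, reply_body: bytes) -> str:
    """Gate a reply: 'send' if authentic, 'block' if unknown page or signature mismatch."""
    stored = STORED_SIGNATURES.get(path)
    if stored is None or not verify_reply(reply_body, stored):
        return "block"
    return "send"


def demo() -> dict:
    """Exercise the gate with an unchanged, a dynamically updated, and a tampered reply."""
    unchanged = PUBLISHED_PAGE
    # Legitimate dynamic update: the page now embeds a per-request timestamp.
    dynamic = PUBLISHED_PAGE.replace(
        b"</body>", b"<p>Generated: 2024-01-01T00:00:00Z</p></body>")
    # Tampered reply: the stored script was altered to emit an extra element.
    tampered = PUBLISHED_PAGE.replace(b"</body>", b"<script>/* injected */</script></body>")
    return {
        "unchanged": check_outbound("/account.asp", unchanged),
        "dynamic_update": check_outbound("/account.asp", dynamic),
        "tampered": check_outbound("/account.asp", tampered),
    }
```

Both the legitimate dynamic update and the tampered reply are blocked, since the signature check has no way to tell an intended change from an unauthorized one.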
Accordingly, what is needed is a web application security technique that protects against unauthorized transmission of confidential personal identification information via web applications while reflecting the dynamic nature of web applications.